From 797c2e90ac2ab703b8694a7fae0458d76fc6e023 Mon Sep 17 00:00:00 2001
From: Hamed Valiollahi <hamedv90@gmail.com>
Date: Wed, 15 Jan 2025 10:19:36 -0800
Subject: [PATCH] fix: setup unauthorized page and redirect for LCFS

---
 backend/lcfs/services/keycloak/authentication.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/lcfs/services/keycloak/authentication.py b/backend/lcfs/services/keycloak/authentication.py
index 49661535b..b45dc8089 100644
--- a/backend/lcfs/services/keycloak/authentication.py
+++ b/backend/lcfs/services/keycloak/authentication.py
@@ -160,7 +160,7 @@ async def authenticate(self, request):
                             await self.create_login_history(
                                 user_token, False, error_text
                             )
-                            raise HTTPException(status_code=401, detail=error_text)
+                            raise HTTPException(status_code=403, detail=error_text)
                         else:
                             # Already found by keycloak_user_id => return
                             return AuthCredentials(["authenticated"]), user
@@ -204,7 +204,7 @@ async def authenticate(self, request):
                 if not user.is_active:
                     error_text = "The account is currently inactive."
                     await self.create_login_history(user_token, False, error_text)
-                    raise HTTPException(status_code=401, detail=error_text)
+                    raise HTTPException(status_code=403, detail=error_text)
         else:
             error_text = "preferred_username or email is required in JWT payload."
             raise HTTPException(status_code=401, detail=error_text)